turnkey/openpgp-card
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add comment about verifying the admin PIN before attempting a PIN-change (and a link to a yubico developer blog article detailing a potential pitfall of *not* doing that check)

Browse source
This commit is contained in:
Heiko Schaefer 2022-05-24 18:33:46 +02:00
parent cd40e2bae4
commit 0694e084e4
No known key found for this signature in database
GPG key ID: 4A849A1904CCBD7D
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
tools/src/bin/opgpcard/main.rs
View file

@ -286,6 +286,9 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
// verify pin
open.verify_admin(&admin_pin1)?;
// (Verifying the PIN here fixes this class of problems:
// https://developers.yubico.com/PGP/PGP_PIN_Change_Behavior.html
// It is also just generally more user friendly than failing later)
println!("PIN was accepted by the card.\n");
let pin_new = match admin_pin_new {